Could Bots Be Targeting Your Website?

Could Bots Be Targeting Your Website?

Bad bots are on the rise and they’re targeting real estate websites. Bots can be used by competitors and hackers to web scrape, hijack accounts, steal data, spam, digital ad fraud, and more.

“When we dug into the bot activity in 2015, we identified an influx of Advanced Persistent Bots (APBs),” says Rami Essaid, co-founder and CEO of Distil Networks in their 2016 Bad Bot Landscape Report.

“ABPs can mimic human behavior, load JavaScript and external assets, tamper with cookies, perform browser automation, and spoof IP addresses and user agents," says Essaid. "The persistency aspect is that they evade detection with tactics like dynamic IP rotation from huge pools of IP addresses, using Tor networks and peer to peer proxies to obfuscate their origins, and distributing attacks over hundreds of thousands of IP addresses.”

Eighty-eight percent of bad bot traffic were APBs in 2015, according to the report.

“This shows that bot architects have already taken note of traditional bot detection techniques and are finding new sophisticated ways to invade websites and APIs, in an effort to take advantage of critical assets and impact a business's bottom line,” says Essaid.

The Distil Network, a company that provides bot detection and mitigation, found that 46 percent of all web traffic originates from bots. More than 18 percent of that traffic stems from what’s deemed “bad bots.”

Real estate websites are particularly being targeted. Real estate sites saw a 300 percent jump in bad bot activity in one year alone, according to the report. Large real estate companies were most vulnerable to attacks.

These bad bots are starting to appear more human-like too. Fifty-three percent of the bad bots identified were able to load external resources, such as JavaScript. That means the bots could wrongfully be attributed as humans in Google analytics and other tools. Also, 39 percent of bad bots were able to mimic human behavior, which means tools like web log analysis or Firewalls are able to perform less detailed analysis of clients and their behavior due to the growth in false negatives, according to the report.

The worst APBs may change their identities more than 100 times, which makes detection even more troublesome.